The password manager confirms that encrypted passwords were stolen by hackers in an attack last August.
And Merry Christmas. Probably through gritted teeth, LastPass has published a new blog post clarifying what it knows about the hack its password manager suffered this summer.
Do we need to worry?
While we thought the story was closed, LastPass says it has new information to share about the hack, which we reported on a few weeks ago.
In the company's last update, we learned that while personal information had been stolen, no passwords were included. This is no longer the case, the password manager, with its 30 million users, reports today.
Karim Toubba, CEO of the company, admits in his blog post today that hackers have stolen encrypted passwords and are trying to decrypt them. But we shouldn't worry too much, he assures.
Essentially, encrypted content is very difficult to read
More specifically, the hackers managed to get their hands on some users' vaults: the safes containing, in encrypted form, all the passwords provided by the company's customers. However, without the master key known only to the user, it is impossible to access the contents of a vault.
“These secure fields are encrypted using the 256-bit AES protocol and can only be decrypted by a unique key derived from the master password, which only users know. As a reminder, the Master Password is never known to LastPass and is not stored or maintained by LastPass,” assures Karim Toubba.
So what can you do if you are worried that you are one of the people whose data hackers are trying to access? Unfortunately, not much. As we have seen, hackers are very unlikely to be able to do anything with this unreadable data. On the other hand, hackers may try to phish their victims by impersonating LastPass so that the victims willingly hand over their Master Password. So pay special attention to the sender of any email and do not access LastPass via a link in an email.